The Latest Pawn in the Warranty Fraud Game? Fitbit Users

By on

With great technology comes great responsibility. This is particularly true when it comes to protecting technology. And with more and more aspects of our lives becoming integrated with our tech, device security must be top of mind. Think about it: the way we bank, the way we work, and even the way we monitor our fitness has moved to our pocket screens. And in many cases, all that’s needed for access is a password.

That means all that stands between you and a cybercrime is a not-so-strong login. In fact, just this week, the problem of weak passwords played a strong role in the latest hacker ploy: a warranty fraud scheme aimed at Fitbit users.

It all began in Fitbit’s customer service department, which started seeing a large number of customer requests come in, demanding replacements for faulty devices. Usually, this would be indicative of some sort of manufacturing error. But further investigation by Fitbit occurred after observing data from customer accounts posted in bulk online.

Now, it turns out this wasn’t a security breach on Fitbit systems at all. Instead, attackers had gotten a hold of users’ credentials, and proceeded to change the emails and passwords associated with the compromised accounts. It gets worse: hackers posed as the customer behind each account in order to take advantage of the product warranty and rake in new, replacement devices.

So, how did the attackers get all these passwords to begin with?

Reports indicate the cause was two-fold: malware infected customer computers and—you guessed it—users having the same password across different online accounts.

While it seems easier than keeping track of multiple logins, using a single password for everything potentially allows cybercriminals an unbelievable amount of access to personal information. The good news is there are password management solutions out there, to help combat the problem of having to remember countless passwords. Still, many of us are creatures of habit, using one ‘master’ login for just about everything we do online.

In light of this wave of warranty fraud, Fitbit plans to implement further safeguards for their users, such as two-factor authentication. However, customers’ poor password habits can still leave the door open to hacks.

This recent example scheme certainly serves as a reminder of just how critical strong, unique passwords are. To keep your private data online safe from being hijacked, here are a few best practices to keep in mind:

Use different passwords across all accounts. After reading through the above, this should go without saying. A complex password is a strong one, containing at least eight characters in length including numbers, symbols and upper and lowercase letters. If remembering multiple passwords isn’t your strong suit, remember that solutions like True Key can help make password management painless. 

Report suspicious activity. If you notice suspicious activity in an online account, change your passwords immediately. If you find yourself locked out of an online account, notify the company. This will minimize damage to your account, and can also let the vendor investigate what could be a bigger issue.

Protect devices from malware. Even if your online accounts are locked down, a malicious attack could leave your device compromised. Use a comprehensive security solution, like McAfee LiveSafe™ , to help protect your digital life.



Categories: Consumer Threat Notices
Tags: ,

Leave a Comment

Similar articles

The topics parents need to discuss with kids today can be tough compared to even a few years ago. The digital scams are getting more sophisticated and the social culture poses new, more inherent risks. Weekly, we have to breach very adult conversations with our kids. Significant conversations about sexting, bullying, online scams, identity fraud, ...
Read Blog
There's something ironic about cybercriminals getting "hacked back." BriansClub, one of the largest underground stores for buying stolen credit card data, has itself been hacked. According to researcher Brian Krebs, the data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past ...
Read Blog